In AES algorithm, in the key schedule,
Why does the expansion of a 256 bit key need an extra application of the S-box, unlike the expansion of 128 bit and 192 bit keys ?
(The obvious answer would be ...

I am about to go study for my masters in machine learning, data mining and high performance computing, but have recently become very interested in cryptography after taking Dan Boneh's Cryptography ...

A friend shared with me the following link: Encryption is less secure than we thought
I'm not a security expert and could understand great part the article, except the section about noise, but what I ...

I want to implement an internet-based e-voting system.
Voters shall be able to cast their vote for one out of n possible candidates. Each candidate has his own ballot-box kept by and at a trustworthy ...

Can we use a threshold scheme to construct a (yes/no)-election protocol, such that every voter can give a positive or negative vote or he can abstain, and such that only the result of the election is ...

The Schnorr protocol is a 3-steps proof of knowledge of a discrete logarithm, whose interactive version works as follows.
Let $p$ and $q$ be two public primes, such that $q \mid (p-1)$, and let $G$ ...

Are there any cryptographic hash functions for which there is a known pre-image attack, or a known second pre-image attack, but not both?
The attack doesn't have to be practical - just anything that ...

I am encrypting files for storage in an untrusted location, using a custom Java program to do that. There is only one user, but there are many files.
I am using AES in CBC mode with PKCS5 padding, and ...

Is there any problem with using social media (i.e. Facebook) as a directory of public keys?
For example, couldn't Alice put a note containing $(g^a \bmod p, g, p)$ on her Facebook page so she could ...

Reports are surfacing that Android's Java SecureRandom class has issues and isn't totally secure.
A specific example of how this issue translates to applications is bitcoin, where reports are stating ...

The Koblitz elliptic curves specified in the SEC2 document https://docs.google.com/viewer?url=http%3A%2F%2Fwww.secg.org%2Fcollateral%2Fsec2_final.pdf all have the nice feature that the parameters are ...

Using the terminology of the ECDSA wikipedia page, ECDSA (and DSA) signatures require a random k value for each signature which ensures that the signature is different each time even if the message ...

This note (http://maths-people.anu.edu.au/~brent/pd/primality4.pdf) states that AKS is not practical. However, it is known that AKS runs in polynomial-time, and I cannot understand where the slowness ...

I'm trying to design a deterministic encryption scheme to enable searching in untrusted databases with the smallest possible IV overhead on ciphertexts. I know it's very bad practice but unfortunately ...

Some cryptographic algorithms are as strong as the size of their key is, while other have some weaknesses that limit their strength (such as SHA-1). How strong is the ECDSA algorithm, and does that ...

I was thinking of a potential new way to increase someone's account security.
The idea was allowing the user to choose one of the hash formulas available in the software (example: "MD5", "SHA512" and ...

I've been reading about SHA-1. I read that SHA-1 is insecure as it uses the Merkle-Damgård construction and the Merkle-Damgård construction is — according to Wikipedia — susceptible to a variety of ...

I am confused, how can I encrypt a file using 128 Bit Advanced Encryption Standard?
Do I need only to encrypt the file name and it's content or is there something that I need to do to encrypt it? Is ...